COMPREHENSIVE SECURITY FRAMEWORK FOR COPERNICUS: FREE & OPEN DATA ACCESS TNC15 - Porto (Portugal), 17/06/2015 ESA EOP-G Network and Security team Barbara.


1 COMPREHENSIVE SECURITY FRAMEWORK FOR COPERNICUS: FREE & OPEN DATA ACCESS TNC15 - Porto (Portugal), 17/06/2015 ESA EOP-G Network and Security team Barbara Angelucci, RHEA System SA CISSP, ISO27001 LA

2 Agenda: The Copernicus context; The approach; The Security Framework; Project lifecycle management; Conclusions. Section: The Copernicus context

3 The Copernicus Programme: A European system for monitoring the Earth, for the establishment of a European capacity to access key environmental data on a routine basis for EO. Provides the necessary data for operational monitoring of the environment and for civil security. ESA coordinates the Space Component. Components: Space Component; In-Situ Component; Services Component

4 Copernicus: the Service component (diagram labels): Land monitoring; Marine environment monitoring; Atmosphere monitoring; Emergency management; Security; Climate change; Space Infrastructure; In Situ Infrastructure; USERS; OBSERVATION

5 Copernicus: the Space component (diagram labels): Copernicus Service Component; TT&C Stations; Acquisition Stations; Collaborative Ground Segment; Collaborative Centre A; CSC Core Ground Segment; GCM GS; Contributing Missions; Users; EDRS; Dedicated Missions; CSC Coordinated Data Access

6 Agenda: The Copernicus context; The approach; The Security Framework; Project lifecycle management; Conclusions. Section: The approach

7 Copernicus Data Policy: policy and objectives. The data policy: Grant full, free and open access, subject to specific limitations like: a. licensing conditions; b. security interests and external relations of the Union or its Member States; c. risk of disruption of the Copernicus infrastructure; d. ensuring reliable access. The service objectives: Ensure access to information: in case of emergency and critical situation; delivered accurately and reliably; granted in a sustainable manner

8 The challenge. Complex: Seamless service and infrastructure; Several missions; Different industries; Multiple contracts; Different actors. Dynamic: New and evolving requirements; New satellites; Real time data

9 A twofold perspective (diagram labels): Technical; Management; Standards; Best practices; EC Data Policy; CSC Security objectives; Risks; Copernicus objectives; CSC Security Framework

10 Agenda: The Copernicus context; The approach; The Security Framework; Project lifecycle management; Conclusions. Section: The Security Framework

11 The Copernicus Security Framework (diagram labels): Security requirements; Secure operations management; Systems; Network policy; Data classification; User classification; Access control; Applications; Security organization; SECOPS

12 Security requirements: Systems and applications security
1. Operating systems hardening
2. Mandatory and periodic security patching process for OS and applications
3. Secure coding practices according to best industry practices and standards
4. A strategy to adapt the system to operating system and hardware evolutions to prevent risks deriving from system obsolescence
5. Logical three-tier architecture model (presentation, application and data tier)
6. Data and user I/O to applications are validated in terms of syntactic and semantic checks
7. System security portal

13 Security requirements: Network Security - Implementation Policy. Different security levels: External Networks; Demilitarized Zones (DMZs); Internal Networks. Central security services: Antivirus/antispam; Proxy; Mail relay; DNS/NTP. Network security measures: Firewall; IDP; DDoS defense

14 Security Services. Network Security - The Defence Perimeter (diagram labels: Early Warning DDOS Ctrl FWs +IDPS Ctrl Services Loc. FW+IDPS PDGS Systems). Redundant central firewalls to enforce the EU/ESA security policies; Redundant DDoS self-learning detection and mitigation; IDS/IPS detection and blocking; Central events correlation service; Redundant Proxies; Peripheral firewalls with local IPS/IDS ACLs and Iptables

15 Security requirements: Access control, user and data classification. Data classes: ESA Unclassified - For Official Use; ESA Unclassified - For Internal Use; ESA Unclassified - Proprietary Information; …… Controls: Authentication, Authorization, Accounting, Storage, Encryption. Users: Administrators, Operators, End users, Systems Managers

16 Secure operations and management

17 Agenda: The Copernicus context; The approach; The Security Framework; Project lifecycle management; Conclusions. Section: Project lifecycle management

18 Copernicus Security within the Project lifecycle: for each project …..

19 …. each single function …

20 …. and End to end

21 Agenda: The Copernicus context; The approach; The Security Framework; Project lifecycle management; Conclusions. Section: Conclusions

22 Facts and figures: 11 centres and 2 data centres successfully deployed; 3 PDGS successfully integrated over the 11 centres; more than 1200 operational servers (between physical and virtual), 75 of which on the DMZ; more than 100 custom-developed applications; more than 260 TB data circulated and disseminated / month for Sentinel 1A; more than 40 different data classes; several hundreds of users; more than 40 security devices monitored on a daily basis; 70.000.000 unauthorised requests blocked by first defence perimeter; 52000 security events blocked by the second defence layer

23 Conclusions Security Domains

24 PRAGUE 09-13 MAY 2016, http://lps16.esa.int. Main Objective: Presentation of Exploitation Results based on ESA Earth Observation Measurements. Themes: Atmosphere, Oceanography, Cryosphere, Land, Hazards, Climate and Meteorology, Solid Earth/Geodesy, Near-Earth Environment, Methodologies and Products, Open Science 2.0. Important Dates: Deadline for abstract submission, 16 October 2015; Notification of Acceptances, End January 2016; Issue of Preliminary Programme, February 2016; Opening of Registration to the Symposium, February 2016; Release of the Final Programme at the symposium; Submission of Full Papers at the symposium

